|
611
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12440
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12439
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date’ and 'end_date' parameters in all versions …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12438
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitizati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12384
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-12383
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sa…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12261
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_url_value' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitizat…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12073
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient inpu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11887
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11756
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11749
|
2025-01-7 15:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
